
NAT AND PAT

NAT DEFINITION
NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP addresses. This helps ensure security since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves the number of global IP addresses that a company needs, and it lets the company use a single IP address in its communication with the world.

PAT DEFINITION
Port address translation (PAT) is a function that allows multiple users within a private network to make use of a minimal number of IP addresses. Its basic function is to share a single public IP address between multiple clients who need to use the Internet publicly. It is an extension of network address translation (NAT).

NAT AND PAT TERMINOLOGY DIAGRAM

NAT Terminology Diagram

PAT Terminology Diagram

IP Network Address Translation (NAT) Terminology


As its name clearly indicates, IP Network Address Translation is all about the translation of IP addresses. When datagrams pass between the private network of an organization and the public Internet, one or more of the addresses in these datagrams are changed by the NAT router. This translation means that every transaction in a NAT environment involves not just a source address and a destination address, but potentially multiple addresses for each of the source and destination. To make the explanation of how NAT operates clearer, several special designations have been developed to refer to the different types of addresses that can be found in an IP datagram when NAT is used. Unfortunately, the terminology used for addressing in NAT can be confusing, because it's hard to visualize what the differences are between the (often similar-sounding) names. However, without knowing what these addresses mean, a proper understanding of NAT operation is impossible, so we need to start by explaining them.

Term - Meaning

Inside local - In a typical NAT design, the term inside refers to an address used for a host inside an enterprise. An inside local is the actual IP address assigned to a host in the private enterprise network. A more descriptive term might be inside private, because when using RFC 1918 addresses in an enterprise, the inside local represents the host inside the enterprise, and it is a private RFC 1918 address.

Inside global - In a typical NAT design, the term inside refers to an address used for a host inside an enterprise. NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet. A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network. A more descriptive term might be inside public, because when using RFC 1918 addresses in an enterprise, the inside global represents the inside host with a public IP address that can be used for routing in the public Internet.

Outside global - In a typical NAT design, the term outside refers to an address used for a host outside an enterprise, in other words, in the Internet. An outside global is the actual IP address assigned to a host that resides in the outside network, typically the Internet. A more descriptive term might be outside public, because the outside global represents the outside host with a public IP address that can be used for routing in the public Internet.

Outside local - In a typical NAT design, the term outside refers to an address used for a host outside an enterprise, in other words, in the Internet. NAT uses an outside local address to represent the outside host as the packet is sent through the private enterprise network (inside network). A NAT router changes a packet's destination IP address, sent from an inside host to the outside global address, as the packet goes from the inside to the outside network. A more descriptive term might be outside private, because when using RFC 1918 addresses in an enterprise, the outside local represents the outside host with a private IP address from RFC 1918.

IP NETWORK ADDRESS TRANSLATION (NAT) TERMINOLOGY DIAGRAM

This diagram will help you better understand the whole inside/outside/local/global thing.

STATIC AND DYNAMIC NETWORK ADDRESS TRANSLATION


Static NAT - A type of NAT in which a private IP address is mapped to a public IP address, where the public address is always the same IP address (i.e., it has a static address). This allows an internal host, such as a Web server, to have an unregistered (private) IP address and still be reachable over the Internet.

Dynamic NAT - A type of NAT in which a private IP address is mapped to a public IP address drawn from a pool of registered (public) IP addresses. Typically, the NAT router in a network will keep a table of registered IP addresses, and when a private IP address requests access to the Internet, the router chooses an IP address from the table that is not currently being used by another private IP address. Dynamic NAT helps to secure a network as it masks the internal configuration of a private network and makes it difficult for someone outside the network to monitor individual usage patterns. Another advantage of dynamic NAT is that it allows a private network to use private IP addresses that are invalid on the Internet but useful as internal addresses.

DIFFERENCE BETWEEN STATIC AND DYNAMIC NAT


Static NAT - Static NAT means that you configure your router to always translate one address into another, specified address (such as translating 10.1.1.1 to 192.168.1.1).

Dynamic NAT - Dynamic NAT means the translation is on demand, so NAT is used when necessary. It's necessary to use NAT when using private addresses (such as 10.x.x.x, 172.16.x.x-172.32.x.x and 192.168.x.x) while trying to access the Internet.
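
The following Python sketch is an added example, not part of the original page. It models the translation table described above for dynamic NAT (a pool of inside global addresses) and for PAT (one shared address, hosts told apart by port), and shows an inbound packet being dropped when it matches no earlier request. The class and method names, the sequential port allocation and the 203.0.113.0/24 documentation addresses are assumptions made for illustration.

```python
import ipaddress

class NatTable:
    """Toy translation table using the page's terms (constructed model, not router code)."""

    def __init__(self, pool, overload=False, first_port=1024):
        self.free = [ipaddress.ip_address(a) for a in pool]  # unused inside global addresses
        self.overload = overload      # True = PAT: every host shares pool[0], told apart by port
        self.next_port = first_port   # assumption: PAT ports are handed out sequentially
        self.out = {}                 # inside local key  -> inside global key
        self.back = {}                # inside global key -> inside local key

    def outbound(self, il_ip, il_port):
        """Source rewrite for a packet leaving the inside network; None means no translation."""
        il_ip = ipaddress.ip_address(il_ip)
        key = (il_ip, il_port if self.overload else None)
        if key not in self.out:
            if self.overload:
                if self.next_port > 65535:
                    return None                   # shared address has no free port left
                glob = (self.free[0], self.next_port)
                self.next_port += 1
            elif self.free:
                glob = (self.free.pop(0), None)   # dynamic NAT: take an unused pool address
            else:
                return None                       # dynamic NAT pool exhausted
            self.out[key], self.back[glob] = glob, key
        ig_ip, ig_port = self.out[key]
        return str(ig_ip), (ig_port if self.overload else il_port)

    def inbound(self, ig_ip, ig_port):
        """Destination rewrite for a packet arriving from outside; None means drop."""
        key = (ipaddress.ip_address(ig_ip), ig_port if self.overload else None)
        if key not in self.back:
            return None                           # matches no earlier outbound request
        il_ip, il_port = self.back[key]
        return str(il_ip), (il_port if self.overload else ig_port)

def demo():
    """Constructed traffic: inside hosts 10.1.1.x, public side 203.0.113.0/24."""
    dyn = NatTable(["203.0.113.10", "203.0.113.11"])
    pat = NatTable(["203.0.113.10"], overload=True)
    hosts = ("10.1.1.1", "10.1.1.2", "10.1.1.3")
    return ([dyn.outbound(h, 5000) for h in hosts],
            [pat.outbound(h, 5000) for h in hosts],
            pat.inbound("203.0.113.10", 1025), pat.inbound("203.0.113.10", 4444))

if __name__ == "__main__":
    print(demo())
```

In this model the two-address dynamic pool cannot serve the third host, while PAT serves all three from one address. In dynamic NAT mode an existing mapping translates inbound packets on any port, whereas PAT mode accepts only the exact translated port.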
